3 # Run select tests by setting ONLY, or as arguments to the script.
4 # Skip specific tests by setting EXCEPT.
6 # e.g. ONLY="22 23" or ONLY="`seq 32 39`" or EXCEPT="31"
11 LUSTRE=${LUSTRE:-$(dirname $0)/..}
12 . $LUSTRE/tests/test-framework.sh
16 ALWAYS_EXCEPT="$SANITY_GSS_EXCEPT"
18 [ "$SLOW" = "no" ] && EXCEPT_SLOW="100 101"
22 require_dsh_mds || exit 0
24 # $RUNAS_ID may get set incorrectly somewhere else
25 [ $UID -eq 0 -a $RUNAS_ID -eq 0 ] &&
26 error "RUNAS_ID set to 0, but UID is also 0!"
28 # remove $SEC, we'd like to control everything by ourselves
32 # global variables of this sanity
41 which klist || skip "Kerberos env not setup"
42 which kinit || skip "Kerberos env not setup"
45 prepare_krb5_creds() {
46 echo prepare krb5 cred
48 $RUNAS krb5_login.sh || exit 1
54 # we want double mount
55 MOUNT_2=${MOUNT_2:-"yes"}
56 check_and_setup_lustre
58 rm -rf $DIR/[df][0-9]*
60 check_runas_id $RUNAS_ID $RUNAS_ID $RUNAS
64 local NPROC=$(grep -c ^processor /proc/cpuinfo)
65 [ $NPROC -gt 2 ] && NPROC=2
66 bash rundbench -D $DIR/$tdir $NPROC 1>/dev/null &
70 num=$(ps --no-headers -p $DBENCH_PID 2>/dev/null | wc -l)
71 if [ $num -ne 1 ]; then
72 error "failed to start dbench $NPROC"
74 echo "started dbench with $NPROC processes at background"
82 num=$(ps --no-headers -p $DBENCH_PID 2>/dev/null | wc -l)
83 if [ $num -eq 0 ]; then
84 echo "dbench $DBENCH_PID already finished"
85 wait $DBENCH_PID || error "dbench $PID exit with error"
87 elif [ $num -ne 1 ]; then
89 error "found $num instance of pid $DBENCH_PID ???"
98 killall dbench 2>/dev/null
99 local num=$(ps --no-headers -p $DBENCH_PID | wc -l)
100 if [ $num -eq 0 ]; then
101 echo "dbench finished"
104 echo "dbench $DBENCH_PID is still running, waiting 2s..."
108 wait $DBENCH_PID || true
122 # obtain and cache Kerberos ticket-granting ticket
128 if [ -z "$myRUNAS" ]; then
129 error_exit "myRUNAS command must be specified for refresh_krb5_tgt"
132 CLIENTS=${CLIENTS:-$HOSTNAME}
133 do_nodes $CLIENTS "set -x
134 if ! $myRUNAS krb5_login.sh; then
135 echo "Failed to refresh Krb5 TGT for UID/GID $myRUNAS_UID/$myRUNAS_GID."
140 restore_krb5_cred() {
141 local keys=$(keyctl show | awk '$6 ~ "^lgssc:" {print $1}')
147 $RUNAS krb5_login.sh || exit 1
150 check_multiple_gss_daemons() {
153 local gssd_name=$(basename $gssd)
155 for ((i = 0; i < 10; i++)); do
156 do_facet $facet "$gssd -vvv"
159 # wait daemons entering "stable" status
162 local num=$(do_facet $facet ps -o cmd -C $gssd_name |
164 echo "$num instance(s) of $gssd_name are running"
166 if [ $num -ne 1 ]; then
167 error "$gssd_name not unique"
177 echo "bring up gss daemons..."
180 echo "check with someone already running..."
181 check_multiple_gss_daemons $my_facet $LSVCGSSD
183 echo "check with someone run & finished..."
184 do_facet $my_facet killall -q -2 lgssd $LSVCGSSD || true
185 sleep 5 # wait fully exit
186 check_multiple_gss_daemons $my_facet $LSVCGSSD
188 echo "check refresh..."
189 do_facet $my_facet killall -q -2 lgssd $LSVCGSSD || true
190 sleep 5 # wait fully exit
191 do_facet $my_facet ipcrm -S 0x3b92d473
192 check_multiple_gss_daemons $my_facet $LSVCGSSD
194 run_test 0 "start multiple gss daemons"
199 local file=$DIR/$tdir/$tfile
201 mkdir $DIR/$tdir || error "mkdir $DIR/$tdir failed"
202 chmod 0777 $DIR/$tdir || error "chmod $DIR/$tdir failed"
203 $RUNAS ls -ld $DIR/$tdir
206 $RUNAS $LFS flushctx -k -r $MOUNT || error "can't flush context"
207 $RUNAS touch $file && error "unexpected success"
211 $RUNAS touch $file || error "should not fail"
212 [ -f $file ] || error "$file not found"
214 run_test 1a "access with or without krb5 credential"
217 local file=$DIR/$tdir/$tfile
218 local lgssconf=/etc/request-key.d/lgssc.conf
219 local clients=$CLIENTS
222 [ -z $clients ] && clients=$HOSTNAME
223 zconf_umount_clients $clients $MOUNT || error "umount clients failed"
225 echo "stop gss daemons..."
228 # get local realm from krb5.conf, assume the same for all nodes
229 realm=$(grep default_realm /etc/krb5.conf | awk '{print $3}')
231 # add -R option to lgss_keyring on local client
232 cp $lgssconf $TMP/lgssc.conf
233 stack_trap "yes | cp $TMP/lgssc.conf $lgssconf" EXIT
234 sed -i s+lgss_keyring+\&\ \-R\ $realm+ $lgssconf
236 # add -R option to lsvcgssd
237 echo "bring up gss daemons..."
238 start_gss_daemons '' '' "-R $realm"
239 stack_trap "stop_gss_daemons ; start_gss_daemons" EXIT
241 zconf_mount_clients $clients $MOUNT || error "mount clients failed"
243 mkdir $DIR/$tdir || error "mkdir $DIR/$tdir failed"
244 chmod 0777 $DIR/$tdir || error "chmod $DIR/$tdir failed"
245 $RUNAS touch $file || error "touch $file failed"
246 [ -f $file ] || error "$file not found"
248 run_test 1b "Use specified realm"
251 local file1=$DIR/$tdir/$tfile-1
252 local file2=$DIR/$tdir/$tfile-2
254 mkdir $DIR/$tdir || error "mkdir $DIR/$tdir failed"
255 chmod 0777 $DIR/$tdir || error "chmod $DIR/$tdir failed"
257 # current access should be ok
258 $RUNAS touch $file1 || error "can't touch $file1"
259 [ -f $file1 ] || error "$file1 not found"
261 # cleanup all cred/ctx and touch
262 $RUNAS $LFS flushctx -k -r $MOUNT || error "can't flush context"
263 $RUNAS touch $file2 && error "unexpected success"
267 $RUNAS touch $file2 || error "should not fail"
268 [ -f $file2 ] || error "$file2 not found"
270 run_test 2 "lfs flushctx"
273 local file=$DIR/$tdir/$tfile
275 mkdir $DIR/$tdir || error "mkdir $DIR/$tdir failed"
276 chmod 0777 $DIR/$tdir || error "chmod $DIR/$tdir failed"
279 echo "aaaaaaaaaaaaaaaaa" > $file
281 $CHECKSTAT -p 0666 $file || error "$UID checkstat error"
282 $RUNAS $CHECKSTAT -p 0666 $file || error "$RUNAS_ID checkstat error"
283 $RUNAS cat $file > /dev/null || error "$RUNAS_ID cat error"
286 $RUNAS $MULTIOP $file o_r &
288 # wait multiop finish its open()
291 # cleanup all cred/ctx and check
292 # metadata check should fail, but file data check should succeed
293 # because we always use root credential to OSTs
294 $RUNAS $LFS flushctx -k -r $MOUNT || error "can't flush context"
295 echo "destroyed credentials/contexs for $RUNAS_ID"
296 $RUNAS $CHECKSTAT -p 0666 $file && error "checkstat succeed"
298 wait $OPPID || error "read file data failed"
299 echo "read file data OK"
301 # restore and check again
303 echo "restored credentials for $RUNAS_ID"
304 $RUNAS $CHECKSTAT -p 0666 $file || error "$RUNAS_ID checkstat (2) error"
305 echo "$RUNAS_ID checkstat OK"
306 $CHECKSTAT -p 0666 $file || error "$UID checkstat (2) error"
307 echo "$UID checkstat OK"
308 $RUNAS cat $file > /dev/null || error "$RUNAS_ID cat (2) error"
309 echo "$RUNAS_ID read file data OK"
311 run_test 3 "local cache under DLM lock"
314 local file1=$DIR/$tdir/$tfile-1
315 local file2=$DIR/$tdir/$tfile-2
316 local wait_time=$((TIMEOUT + TIMEOUT / 2))
318 mkdir $DIR/$tdir || error "mkdir $DIR/$tdir failed"
319 chmod 0777 $DIR/$tdir || error "chmod $DIR/$tdir failed"
321 # current access should be ok
322 $RUNAS touch $file1 || error "can't touch $file1"
323 [ -f $file1 ] || error "$file1 not found"
326 send_sigint $(comma_list $(mdts_nodes)) $LSVCGSSD
328 check_gss_daemon_nodes $(comma_list $(mdts_nodes)) $LSVCGSSD &&
329 error "$LSVCGSSD still running"
331 # flush context, and touch
332 $RUNAS $LFS flushctx -k -r $MOUNT || error "can't flush context (1)"
334 $RUNAS touch $file2 && error "should fail without $LSVCGSSD"
336 # restart lsvcgssd, expect touch succeed
337 echo "restart $LSVCGSSD and recovering"
338 start_gss_daemons $(comma_list $(mdts_nodes)) "$LSVCGSSD -vvv"
340 check_gss_daemon_nodes $(comma_list $(mdts_nodes)) $LSVCGSSD
341 $RUNAS $LFS flushctx -k -r $MOUNT || error "can't flush context (2)"
343 $RUNAS touch $file2 || error "should not fail now"
344 [ -f $file2 ] || error "$file2 not found"
346 run_test 5 "lsvcgssd dead, operations fail"
351 mkdir $DIR/$tdir || error "mkdir $DIR/$tdir failed"
352 for ((i=0; i<$nfile; i++)); do
353 dd if=/dev/zero of=$DIR/$tdir/$tfile-$i bs=8k count=1 ||
354 error "dd $tfile-$i failed"
356 ls -l $DIR/$tdir/* > /dev/null || error "ls failed"
357 rm -rf $DIR2/$tdir/* || error "rm failed"
358 rmdir $DIR2/$tdir || error "rmdir failed"
360 run_test 6 "test basic DLM callback works"
365 # for open(), client only reserve space for default stripe count lovea,
366 # and server may return larger lovea in reply (because of larger stripe
367 # count), client need call enlarge_reqbuf() and save the replied lovea
368 # in request for future possible replay.
370 # Note: current script does NOT guarantee enlarge_reqbuf() will be in
371 # the path, however it does work in local test which has 2 OSTs and
372 # default stripe count is 1.
373 [[ $OSTCOUNT -ge 2 ]] || skip_env "needs >= 2 OSTs"
375 mkdir $DIR/$tdir || error "mkdir $DIR/$tdir failed"
376 $LFS setstripe -c $OSTCOUNT $DIR/$tdir || error "setstripe -c $OSTCOUNT"
379 for ((i = 0; i < 20; i++)); do
380 dd if=/dev/zero of=$DIR/$tdir/f$i bs=4k count=16 2>/dev/null
383 for ((i = 0; i < 20; i++)); do
384 dd if=$DIR/$tdir/f$i of=/dev/null bs=4k count=16 2>/dev/null
387 run_test 7 "exercise enlarge_reqbuf()"
391 local atoldbase=$(do_facet $SINGLEMDS "$LCTL get_param -n at_history")
394 do_facet $SINGLEMDS "$LCTL set_param at_history=8" || true
396 "do_facet $SINGLEMDS $LCTL set_param at_history=$atoldbase" EXIT
403 stack_trap debugrestore EXIT
404 $LCTL set_param debug=+other
406 # wait for the at estimation come down, this is faster
408 req_delay=$($LCTL get_param -n \
409 mdc.${FSNAME}-MDT0000-mdc-*.timeouts |
410 awk '/portal 12/ {print $5}' | tail -1)
411 [ $req_delay -le 5 ] && break
412 echo "current AT estimation is $req_delay, wait a little bit"
415 req_delay=$((${req_delay} + ${req_delay} / 4 + 5))
417 # sleep sometime in ctx handle
418 do_facet $SINGLEMDS $LCTL set_param fail_val=$req_delay
419 #define OBD_FAIL_SEC_CTX_HDL_PAUSE 0x1204
420 do_facet $SINGLEMDS $LCTL set_param fail_loc=0x1204
422 $RUNAS $LFS flushctx -k -r $MOUNT ||
423 error "can't flush context on $MOUNT"
426 $RUNAS touch $DIR/$tdir/$tfile &
428 echo "waiting for touch (pid $TOUCHPID) to finish..."
429 sleep 2 # give it a chance to really trigger context init rpc
430 do_facet $SINGLEMDS $LCTL set_param fail_loc=0
431 wait $TOUCHPID || error "touch should have succeeded"
433 $LCTL dk | grep -i "Early reply #" || error "No early reply"
435 run_test 8 "Early reply sent for slow gss context negotiation"
438 # following tests will manipulate flavors and may end with any flavor set,
439 # so each test should not assume any start flavor.
443 if [ "$SLOW" = "no" ]; then
451 restore_to_default_flavor
456 for ((n = 1; n <= $total; n++)); do
459 echo "flush ctx ($n/$total) ..."
460 $LFS flushctx -k -r $MOUNT ||
461 error "can't flush context on $MOUNT"
464 #sleep to let ctxs be re-established
468 run_test 90 "recoverable from losing contexts under load"
478 nrule_old=$(do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME \
479 2>/dev/null | grep -c "$FSNAME.srpc.flavor.")
480 echo "original general rules: $nrule_old"
482 for ((i = $nrule_old; i < $max; i++)); do
483 set_rule $FSNAME ${NETTYPE}$i cli2mdt krb5n ||
484 error "set rule $i (1)"
485 set_rule $FSNAME ${NETTYPE}$i cli2ost krb5n ||
486 error "set rule $i (2)"
487 set_rule $FSNAME ${NETTYPE}$i mdt2ost null ||
488 error "set rule $i (3)"
489 set_rule $FSNAME ${NETTYPE}$i mdt2mdt null ||
490 error "set rule $i (4)"
492 for ((i = $nrule_old; i < $max; i++)); do
493 set_rule $FSNAME ${NETTYPE}$i cli2mdt ||
494 error "remove rule $i (1)"
495 set_rule $FSNAME ${NETTYPE}$i cli2ost ||
496 error "remove rule $i (2)"
497 set_rule $FSNAME ${NETTYPE}$i mdt2ost ||
498 error "remove rule $i (3)"
499 set_rule $FSNAME ${NETTYPE}$i mdt2mdt ||
500 error "remove rule $i (4)"
504 nrule_new=$(do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME \
505 2>/dev/null | grep -c "$FSNAME.srpc.flavor.")
506 if [ $nrule_new != $nrule_old ]; then
507 error "general rule: $nrule_new != $nrule_old"
511 # target-specific rules
513 nrule_old=$(do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME \
514 2>/dev/null | grep -c "$FSNAME-MDT0000.srpc.flavor.")
515 echo "original target rules: $nrule_old"
517 for ((i = $nrule_old; i < $max; i++)); do
518 set_rule $FSNAME-MDT0000 ${NETTYPE}$i cli2mdt krb5i ||
519 error "set new rule $i (1)"
520 set_rule $FSNAME-MDT0000 ${NETTYPE}$i mdt2ost null ||
521 error "set new rule $i (2)"
522 set_rule $FSNAME-MDT0000 ${NETTYPE}$i mdt2mdt null ||
523 error "set new rule $i (3)"
525 for ((i = $nrule_old; i < $max; i++)); do
526 set_rule $FSNAME-MDT0000 ${NETTYPE}$i cli2mdt ||
527 error "remove new rule $i (1)"
528 set_rule $FSNAME-MDT0000 ${NETTYPE}$i mdt2ost ||
529 error "remove new rule $i (2)"
530 set_rule $FSNAME-MDT0000 ${NETTYPE}$i mdt2mdt ||
531 error "remove new rule $i (3)"
534 nrule_new=$(do_facet mgs lctl get_param -n mgs.MGS.live.$FSNAME \
535 2>/dev/null \ | grep -c "$FSNAME-MDT0000.srpc.flavor.")
536 if [ $nrule_new != $nrule_old ]; then
537 error "general rule: $nrule_new != $nrule_old"
540 run_test 99 "set large number of sptlrpc rules"
543 # started from default flavors
544 restore_to_default_flavor
548 # running dbench in background
552 # all: null -> krb5n -> krb5a -> krb5i -> krb5p
570 # nothing should be changed because they are overridden by above rules
572 set_rule $FSNAME-MDT0000 any cli2mdt krb5a
573 set_rule $FSNAME-OST0000 any cli2ost krb5i
574 wait_flavor cli2mdt krb5p || error_dbench "1"
576 wait_flavor cli2ost krb5p || error_dbench "2"
583 set_rule $FSNAME-MDT0000 any cli2mdt
584 set_rule $FSNAME-OST0000 any cli2ost
590 set_rule $FSNAME any mdt2mdt
591 set_rule $FSNAME any cli2mdt
592 set_rule $FSNAME any mdt2ost
593 set_rule $FSNAME any cli2ost
594 restore_to_default_flavor
599 run_test 100 "change security flavor on the fly under load"
605 local filename=$DIR/$tfile
610 # after setting flavor0, start multiop which uses flavor0 rpc, and let
611 # server drop the reply; then switch to flavor1, the resend should be
612 # completed using flavor1. To exercise the code of switching ctx/sec
613 # for a resend request.
615 log ">>>>>>>>>>>>>>> Testing $flavor0 -> $flavor1 <<<<<<<<<<<<<<<<<<<"
617 set_rule $FSNAME any cli2mdt $flavor0
618 wait_flavor cli2mdt $flavor0
619 rm -f $filename || error "remove old $filename failed"
622 #define OBD_FAIL_PTLRPC_DROP_REQ_OPC 0x513
623 do_facet $SINGLEMDS lctl set_param fail_val=36
624 do_facet $SINGLEMDS lctl set_param fail_loc=0x513
625 log "starting multiop"
626 $MULTIOP $filename m &
628 echo "multiop pid=$multiop_pid"
631 set_rule $FSNAME any cli2mdt $flavor1
632 wait_flavor cli2mdt $flavor1
634 num=$(ps --no-headers -p $multiop_pid 2>/dev/null | wc -l)
635 [ $num -eq 1 ] || error "multiop($multiop_pid) already ended ($num)"
636 echo "process $multiop_pid is still hanging there... OK"
638 do_facet $SINGLEMDS lctl set_param fail_loc=0
639 log "waiting for multiop ($multiop_pid) to finish"
640 wait $multiop_pid || error "multiop returned error"
645 # started from default flavors
646 restore_to_default_flavor
648 switch_sec_test null krb5n
649 switch_sec_test krb5n krb5a
650 switch_sec_test krb5a krb5i
651 switch_sec_test krb5i krb5p
652 switch_sec_test krb5p null
654 run_test 101 "switch ctx/sec for resending request"
667 # started from default flavors
668 restore_to_default_flavor
672 # run dbench background
675 echo "Testing null->krb5n->krb5a->krb5i->krb5p->null"
684 echo "waiting for 15s and check again"
688 echo "Testing null->krb5i->null->krb5i->null..."
689 for ((idx = 0; idx < 5; idx++)); do
697 echo "waiting for 15s and check again"
703 run_test 102 "survive from fast flavor switch"
708 local clients=$CLIENTS
710 [ -z $clients ] && clients=$HOSTNAME
712 # started from default flavors
713 restore_to_default_flavor
715 # at this time no rules has been set on mgs; mgc use null
716 # flavor to connect to mgs
717 count=$(flvr_cnt_mgc2mgs null)
718 [ $count -eq 1 ] || error "$count mgc connections use null flavor"
720 zconf_umount_clients $clients $MOUNT || error "umount failed (1)"
722 # mount client with conflict flavor - should fail
723 mount_opts="${MOUNT_OPTS:+$MOUNT_OPTS,}mgssec=krb5p"
724 zconf_mount_clients $clients $MOUNT $mount_opts &&
725 error "mount with conflict flavor should have failed"
727 # mount client with same flavor - should succeed
728 mount_opts="${MOUNT_OPTS:+$MOUNT_OPTS,}mgssec=null"
729 zconf_mount_clients $clients $MOUNT $mount_opts ||
730 error "mount with same flavor should have succeeded"
731 zconf_umount_clients $clients $MOUNT || error "umount failed (2)"
733 # mount client with default flavor - should succeed
734 zconf_mount_clients $clients $MOUNT ||
735 error "mount with default flavor should have succeeded"
737 run_test 150 "secure mgs connection: client flavor setting"
741 set_rule _mgs any any
743 # umount everything, then remount
751 stack_trap exit_151 EXIT
753 # set mgs rule to only accept krb5p
754 set_rule _mgs any any krb5p
756 # umount everything, modules still loaded
759 # start gss daemon on mgs node
760 combined_mgs_mds || start_gss_daemons $mgs_HOST "$LSVCGSSD -vvv"
763 start mgs $(mgsdevname 1) $MDS_MOUNT_OPTS
765 # mount with default flavor, expected to fail
766 start ost1 "$(ostdevname 1)" $OST_MOUNT_OPTS
767 wait_mgc_import_state ost1 FULL 0 &&
768 error "mount with default flavor should have failed"
771 # mount with unauthorized flavor should fail
772 if [ -z "$OST_MOUNT_OPTS" ]; then
773 new_opts="-o mgssec=null"
775 new_opts="$OST_MOUNT_OPTS,mgssec=null"
777 start ost1 "$(ostdevname 1)" $new_opts
778 wait_mgc_import_state ost1 FULL 0 &&
779 error "mount with unauthorized flavor should have failed"
782 # mount with designated flavor should succeed
783 if [ -z "$OST_MOUNT_OPTS" ]; then
784 new_opts="-o mgssec=krb5p"
786 new_opts="$OST_MOUNT_OPTS,mgssec=krb5p"
788 start ost1 "$(ostdevname 1)" $new_opts
789 wait_mgc_import_state ost1 FULL 0 ||
790 error "mount with designated flavor should have succeeded"
794 run_test 151 "secure mgs connection: server flavor control"
796 complete_test $SECONDS
799 check_and_cleanup_lustre